The personal details of more than 500 million Facebook (FB) users, including phone numbers, Facebook IDs, full names, locations, birthdates and email addresses, have reportedly been posted on a website for hackers.
According to Business Insider, which first reported the availability of the data, information of some 533 million people from 106 countries was online on Saturday.
This included 11 million records on users in the UK, more than 32 million on American users and 6 million on users in India.
It was first discovered by Alon Gal, the chief technology officer of cybercrime intelligence firm Hudson Rock.
Gal told the publication that a data dump of that magnitude would "certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts."
It is not the first time the social media company's data security issues have been brought into question.
In 2018, it disabled a feature that allowed users to search for people via phone numbers, after it was unveiled that Cambridge Analytica had accessed information on up to 87 million users without their knowledge or consent.
In December 2019, a Ukrainian security researcher discovered a database with the names, phone numbers and unique user IDs of more than 267 million Facebook users on the open internet. Nearly all of the information related to users based in the US.
It is not yet clear whether the current data leak is related to the database published in 2019.
But, a spokesperson for the company said that the data appears to be from that database. "This is old data that was previously reported on in 2019,” they said. "We found and fixed this issue in August 2019."
Other tech giants have also grappled with major hacks. In March, Microsoft (MSFT) users fell victim to hackers who were able to access their computers remotely after they exploited vulnerabilities in Microsoft Exchange.
A Chinese-sponsored hacker group dubbed Hafnium left behind “web shells” that allowed cyber criminals to access victims’ systems remotely.
While, the presence of a web shell on a server does not guarantee that hackers have managed to steal files, businesses are able to remove malicious software without any data breach taking place.
The vulnerabilities go back 10 years, and have been exploited by hackers at least since January 2021.
It is thought that some 30,000 businesses in the US, and hundreds of thousands elsewhere, were attacked.
In the UK, the National Cyber Security Centre, a part of intelligence agency GCHQ, estimated that 7,000 servers had been affected by the flaw, and only half of them had been secured.
Officials believe that more than 3,000 UK email servers are still at risk.
WATCH: Microsoft Hack Becomes Global Crisis